I really don't understand why the IO hit... If you're designing the OS, you can either scan a file when it's written to disk, or when it's read from disk, or sometime in between. When you have scanned a given file, you need not rescan it if the file hasn't changed.
These facts together mean that it should be really rare that any application needs to be waiting for any scanning - since scanning can happen anytime between a data write and a read of the same data.
But if you control the kernel and all the code that runs in the kernel, you know exactly who has written to disk and when. So if nobody wrote that data, then it hasn't changed.
In Windows there's a hook on file handle close which AV products use to implement their file scanning.
I know this because I did a bunch of reading on the topic after encountering catastrophic halts inside of CloseHandle, deep inside the kernel. And even with administrator privileges I could not kill the process, or the attached debugger, and the machine was unable to shut down because even it could not kill the stuck process. I had to hard power cycle to get back to a usable system. Near as I can tell this was because of the AV product the company was using that crashed or deadlocked or something.
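The scan-once idea from the thread above, modeled in user space as an added example (not code from any commenter or AV product). `VerdictCache`, `MARKER` and the two hook names are hypothetical, and the example goes one step beyond the thread by also invalidating cached verdicts when the signature set changes.

```python
import os
import tempfile

MARKER = b"CONSTRUCTED-TEST-MARKER"  # constructed stand-in for a signature match
CLEAN, INFECTED = "clean", "infected"

class VerdictCache:
    """Scan on close-after-write; on read, reuse the verdict if nothing changed."""
    def __init__(self, sig_version=1):
        self.sig_version = sig_version  # bump when detection signatures update
        self.verdicts = {}              # path -> (change stamp, verdict)
        self.scans = 0                  # full content scans actually performed

    def _stamp(self, path):
        # User-space approximation of "has anyone written this file?".
        # mtime can be reset by the file's owner, which is why the thread
        # argues for tracking writes inside the kernel instead.
        st = os.stat(path)
        return (st.st_dev, st.st_ino, st.st_size, st.st_mtime_ns, self.sig_version)

    def _scan(self, path):
        self.scans += 1
        with open(path, "rb") as f:
            verdict = INFECTED if MARKER in f.read() else CLEAN
        self.verdicts[path] = (self._stamp(path), verdict)
        return verdict

    def on_close_after_write(self, path):
        return self._scan(path)         # pay the scan cost once, at write time

    def on_open_for_read(self, path):
        cached = self.verdicts.get(path)
        if cached and cached[0] == self._stamp(path):
            return cached[1]            # unchanged since last scan: no I/O hit
        return self._scan(path)         # changed, unknown, or signatures updated

def demo():
    cache = VerdictCache()
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "sample.bin")
        with open(path, "wb") as f:
            f.write(b"hello")
        verdicts = [cache.on_close_after_write(path),
                    cache.on_open_for_read(path), cache.on_open_for_read(path)]
        unchanged = cache.scans
        with open(path, "wb") as f:     # a write the cache was not told about
            f.write(b"hello " + MARKER)
        verdicts.append(cache.on_open_for_read(path))
        modified = cache.scans
        cache.sig_version = 2           # new signatures: old verdicts are stale
        verdicts.append(cache.on_open_for_read(path))
        return verdicts, (unchanged, modified, cache.scans)

if __name__ == "__main__":
    print(demo())
```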