I believe you can still have clawback and burning. But it indeed requires a more complex setup.
Essentially, you want the clawback address to be a logicsig account or an application account so that some clawbacks are forbidden (such as those that would “unburn” an asset).
If I understand correctly, you sent say 2 assets to 1000 accounts, and you want to burn 1 asset in each account?
If yes, the only solution is indeed to manually clawback each of the 1000 accounts (either via inner transactions or not), but this needs to be done one by one.
Now, often there are other solutions that can simulate the above without requiring so many transactions: at the end, burning is similar to increasing the value / exchange rate of the token.