Our virus protection software detects Trojans or other types on threats in old emails when a user caches a mailbox on a computer for the first time. The alerts look like this:
Threat Detected: Trojan.Java.Adwind.cn
Affected Object: C:\Users\russh\AppData\local\Novell\GroupWise\user X\gwstrlzv\rofdata\index\58c161be(dot)tmp

I believe this happens when messages with attachments are copied out of blob files to be indexed locally. Some of these users have mailboxes that are 15 years or more older, these files may have been there for years. We can't force users to archive, they always protest they need this content.

Is there any way to figure out what these files actually are?