you can look at this thread http://forums.adobe.com/message/5443464#5443464 the post in position 8 and on Charlie Arehart's Blog at http://www.carehart.org/blog/client/index.cfm/2006/5/7/cfform_not_doin g_upload for understanding how it is possible.
The situation is that if you have a form with an input type file, when you submit the form this file is uploaded to the folder ColdFusion9\runtime\servers\coldfusion\SERVER-INF\temp\wwwroot-tmpeven though there is not a cffile in the response page. However, if the file is in format .tmp it should not be dangerous.
To limittheseuploads,I realized thatin the logsofiis,in the sametime that theantivirusblocks the file,there is arequest for the pagehttp://myserverip/cfide/h.cfm. When you seethatrequest, blockthe ip addresswhomade it.In mycase it's alwaysthe same group of2-3iptomake this kind of request.