Any unsolicited email that asks you to open an attachment is bad. If that attachment is a program then you can consider it a scam. Below is an email I received with a link to malware. It’s asking me to download and run an unknown program. The email also says it was sent by me, rather odd. I’ve removed personal details from the email,
A new settings file for the <email address> has just been released
Dear user of the <email address> mailing service!
We are informing you that because of the security upgrade of the mailing service your mailbox <email address> settings were changed. In order to apply the new set of settings please click to this link and open file((If clicking the link in this message does not work, copy and paste it into the address bar of your browser.)
Best regards, <email address> Technical Support.
The words in italics and in < > are my changes, to make it easier to read and search, and to avoid linking to the actual malware.
Any email that looks like the above is suspicious. Any attachment (and especially one that ends with .exe) is suspicious, and when it says that I sent it to myself it leaves no doubt that this is a scam that links to malware.
Learning to recognise these scam emails is important. Relying on virus scanners is good but common sense also helps.