Strike one. Sounds like it. The message does seem consistant. Another thing you can check is the extension(s) on the attached file. If there are more than one then you have, strike two. Personally, I would not chance it. Contact the sender. I assume from what I have heard he is someone you know? If you are unsure of it's authenticity you can confirm with him if he did send you this file.
It is good that you have updated your Norton etc. That is always smart in case something gets past you.