This sounds very suspicious to say the least! Did you have yahoo scan the file?

Rule of thumb. Legit companies never email anything important. They will advise you to proceed to their web site (not via a link) and update through a secure link.
If it appears to be from a company you know, contact that company. I believe they would be very interested in a copy of that email.

You are certainly wise to suspect this kind of E-mail, since it is both unexpected and contains a .zip file (this is often used to avoid ISP's virus scans). In addition to the non-standard English used, firewalls are NOT anti-virus-finders. Lastly, it pretends to contain an "update" for an application, but doesn't indicate what it is updating or what customers they are supporting. As Acklan has written, no legitimate company ever sends patches or updates as an E-mail attachment.
I am sure if you were to expand the E-mail header, it would show an extremely questionable source. If you are using Yahoo, you should send a copy to their "abuse" address, and then promptly delete the E-mail.
Regards,
John

hey thanks for the great informative post.. Shows how eaisly and unwittingly malware can be installed

yeah. well there was no way i was going to dowload and run it anyway. i was just thinking though, would it be safe for me to just download the file (not run it or anything) and scan it with AVG anti-virus just for fun? i mean, you cant get a virus unless you actually run it right?

i will contact yahoo about this. though i may be a little too late.

I would not sugjest downloading anything as it may just have an instant run operation that could infect you the best thing I think you could do is just delet the message and block the sender.