Did you actually go on holiday with the person who sent it? Is the email address slightly "off" (e.g., friend@gmai1.com instead of gmail.com )?
If a "friend" sends a file with no personal message or a very generic one like "Hey, look at these lol," it’s likely a bot. 4. Safe Handling HolidaySnaps.rar
If you absolutely must check a suspicious file, never open it on your main system. Security pros use: Did you actually go on holiday with the person who sent it