Nasty WinRAR bug is being actively exploited to install hard-to-detect malware March 15, 2019 https://arstechnica.com/information...-exploited-to-install-hard-to-detect-malware/
If you open an unsolicited email attachment in ace or rar format, you are pretty much asking for trouble. If you thought it was a good idea, someone is probably going to get you anyway though so have fun. We'll probably see you here, asking for help.
Also, the mitigation for this if you can't upgrade to the latest ver. of WinRAR or don't want to apply the third party patch is to remove he unacev2.dll from the WinRAR directory. Or, alternatively disassociate the .ace extension.
I though WinRAR had a feature where a user can tie-in so to speak an AV to scan the unpacked archives. It did when I used it. In fact an older version still in one of my folders offers that option. That is if users actually set that feature or not is another matter.