I'd have to agree with most of the guys up there. Apart from the fact that you'll get in deep **** if the admin finds out by himself (I'm sooo not being sexist there), it is better to let the admin know.
Think about it - the admin is responsible for the security of the network. If you've installed a program that, even without you kowing about it, can open some kind of backdoor into students' folder, you're putting the whole school's privacy at risk.
Kind of the same happened to me - I figured out so many ways of bypassing the current security tools, and went as far as nabbing the SAM file on one of the domains. I went to the admin with the docs on what *could* happen if someone got their hands on that kind of material. She kinda freaked out, but then asked me to help her securing the network.
Sure, I was **** scared for the first 10 mns, but it turned out all right. An hell! You haven't even broken in his account! Just a program...

If you don't want to go as far as that, tell the admin that you've downloaded this attachement, but didn't know what it was. You'll be seens as a noob for a moment, but no harm done. Humility doesn't hurt anyone