[clamav-users] Reading/extracting odttf/xps files

[Alex]

Hi,

We've recently received a few XPS files as part of a phishing attack
that were not recognized by clamav. Has anyone done any analysis of
the odttf files contained within that they could share?

I'd like to be able to extract the text from them that contains the
URI as part of the phishing attack.

Have others seen a significant increase in these files in recent
weeks? Do you believe this trend will continue? Are patterns actively
being developed for clamav against these attacks?