Deep scans frequently alert with an "unknown" malware family and a description of "This file has characteristics that are similar to previously identified malicious content." This is not enough information to identify a potential threat within otherwise legitimate looking documents.

The detections details should identify what triggered the detection. Was it a macro, the phrasing of the content, an embedded link, etc.? If it was a link, what link(s) is suspicious.