As the use of sigtool was the only thing not covered explicitly in the signature creation documentation (signatures.pdf), that was the only thing left to fill in. The documentation covers everything else needed to create your own signatures, including the accepted naming conventions and a description of what they imply (section 3.10 Signature names ... ClamAV uses the following prefixes for signature names ...)
Beyond that, it is an exercise for the end-user to determine if something detected is actually malicious or if it's a false positive, and the way to do that is to understand what the signature is looking for and where it is in the impacted file. As I mentioned, the only thing that doesn't work with is hashes. The best you can do for those is look up the hash in various online scanners and get a sense for what other engines are detecting them as and looking up the virus names as well.
If these two things (the existing documentation and the use of sigtool), do not answer the question then the question needs to be rephrased so it is clearer as to the intent of the question. The 'why' someone thought something is malicious should be clear from the virus signature. If it's not, and you disagree with the detection, it should be reported as a false positive so the signature can be improved / clarified / etc.
Looking at Win.Exploit.Unicode_Mixed-1 in particular, I would say that it's not a great sig for exactly the reason you question it. It's unclear (to me) what about that sequence is malicious though it's probably something that is common to mixed unicode script exploitation (but again, that's a guess). From the name of the virus, it's expecting it on Windows systems (or on something that Windows systems can access) and there's likely an exploit related to mixing unicode characters and non-unicode characters that matches that signature. A quick Google search for "Windows mixed unicode exploit" brings up 133,000 results of pages talking about building exploits to take advantage of Unicode processing issues in Windows.
If you're seeing that in tcpdump output on your IDS, then it's likely a case of either one of your systems pulling that data from an exploited remote system (like a web server).
The OP was, however, asking if there are "plans to regulate the signature names so that they are more regular and people actually know what they mean"...and that IS in the signature writing documentation. Or, at least, the guidelines are presented there which the ClamAV folks try to follow and recommend to others. If you are pulling from other third-party sources, they probably have their own naming conventions. The OP is also correct that the list of names in the documentation is woefully incomplete even for the signatures that ClamAV writes. But seeing as ClamAV is open-source and pretty much anyone can write signatures for it without approval from the ClamAV authors, there is zero chance of "regulation" of signature names.
The best you can do is break down the name, look at the signature definition, and Google. And sigtool will, at the very least, tell you what ClamAV is seeing as malicious even if it doesn't tell you why the signature author thought it was malicious to begin with.
--Maarten