The FP reporting form at https://www.clamav.net/reports/fp seems not
to be working in my browser, but I found a false positive that is easy
to reproduce. In a linux system zip file produced by these following
commands triggers Email.Phishing.VOF1-6313981-0:

dd if=/dev/urandom of=fubar.txt bs=1k count=10
zip -m test.docx fubar.txt 
zip -m test test.docx 

Now when you send the test.zip as an email attachment it triggers
Email.Phishing.VOF1-6313981-0.