Network switches with enhanced processing power and a virus information database are used to detect possible virus attacks and identify the source of the attacks within a computer network. A network switch has multiple ports that are directly connected to different computers for routing network communication packets among the computers. The packets passing through the network switch are scanned for virus signatures and/or patterns of virus attacks. In an off-line scan mode, a copy of the packets passing through the switch is saved into a packet queue for scanning. Alternatively, in an on-line scan mode, packets received by the network switch are scanned for virus signatures or virus attack patterns before being forwarded to their destination ports.