Program files were the major source of trouble in the past, but new "macro" viruses can hide in data files and launch, for example, when a macro created in a word processing program is run. Server-based and client-based virus-scanning programs both have roles that help protect the intranet.

A virus hides inside a legitimate program. Until you run the infected program, the virus remains dormant. When you run the infected program, the virus get into action. Usually, the first thing it will do is infect other programs on your hard drive by copying itself into them.
A lot of viruses place messages called v-markers or virus markers inside programs that they infect, and they help manage the viruses' activities. Each virus has a specific virus marker associated with it. If a virus encounters one of these markers in another program, it knows that the program is already infected, and so doesn't replicate itself there. When a virus cannot find any more unmarked files on a computer, that can signal to the virus that there are no more files to be infected. At this point, the virus may begin to damage the computer and its data. Viruses can corrupt program or data files so that they work oddly, not at all, or cause damage when they run. They can damage all the files on your computer, change the operating files system that your computer needs when it is turned on, and cause other types of damage.

Intranet and internet virus scanning software runs on a server in an intranet firewall. The software doesn't check every packet that comes or go in the intranet for viruses, since that would not be feasible. Instead, it scan only those packets sent with the kinds of Internet services and protocols that indicate that a file may be in the process of being transferred from the Internet to the intranet-commonly, e-mail (which is sent via SMTP, Simple Mail Transfer Protocol), the FTP (File Transfer Protocol), and the World Wide Web (HTTP, Hypertext Transfer Protocol). The software uses packet filtering technology to know which packets are being sent with these protocols.
When the software finds packets that are sent with SMTP, FTP, or HTTP, it knows it must examine them further, to see if they have viruses code in them. Virus scanning software works in many ways. One method of detection is to check files for tell-tale virus markers that indicate the presence of a virus.

Packets not using SMTP, FTP, or HTTP (such as NNTP) are passed through, and the software does not perform any action on them.
If the file is found to be virus-free, it is allowed to pass. If it is found to have a virus, it won't be allowed to pass into the intranet.
Antivirus  should also be run on every computers inside the intranet because it's possible that a virus can be brought into the intranet by diskettes,or cd or flash drive for example. In addition to protection against viruses, it can detect viruses, and kill any virus that it finds.