Internet Service Provider (ISP), as the convergers and distributors of network information, is the best network virus defender. However, ISP usually would like to detect the ingress information while ignoring the egress information according to the cost. The security measures for ISP in the whole network were analyzed and the strategy of egress detection was presented to provide reference for ISP's selection of strategies. First, the game model between ISP and attackers and the spreading model of network virus were proposed. Secondly, the impacts of the strategies selected by ISP on the spreading of virus were analyzed when the dynamical spreading of network virus was considered. The results show that ISP will face an increase in invasion risk when it does not take egress detection, however the adoption of egress detection can improve not only the ISP's own utility, but also the security of the whole network. The validity of the theoretical results was verified by Matlab simulation.